DETAILED ACTION

In the amendment filed on 10/31/2006, the following have occurred: claims 1, 2, 6, 9-11, 
and 31-40 have been amended, claims 1-40 are pending, and the amendment to claims 
33-40 has necessitated the withdrawal of 35 U.S.C. 112, second paragraph rejection. 

Claim Rejections - 35 USC § 102 

1. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

2. Claims 1-6, 31-36, and 40 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Trostle (US PAT: 5,919,257). 

Re claims 1 and 2. Trostle teaches a method to detect fraudulent activities at a 
network-based transaction facility, the method comprising: causing a first identifier (i.e., 
authorized username) associated with a first user identity to be stored on a machine 
responsive to a first sales-related event with respect to the network-based transaction 
facility and initiated under the first user identity from the machine which is coupled to 
the network-based transaction facility via a network; and detecting a potentially 
fraudulent activity by detecting a lack of correspondence (i.e., In response, the user 
enters a username which is transmitted to the server and in step 84 the server 
compares the entered username against a list of authorized users. If the username is 
not valid, network access is denied in step 86 and the login process ends, see col. 5 
lines 45-55) between the first identifier stored on the machine and a second identifier
(i.e., entered username) associated with a second user identity responsive to a second
sales-related event with respect to the network-based transaction facility and initiated 
under the second user identity from the machine (i.e., In step 82 a username prompt is 
presented to the user. In response, the user enters a username which is transmitted to 
the server and in step 84 the server compares the entered username against a list of 
authorized users. If the username is not valid, network access is denied in step 86 and 
the login process ends. However, if the entered username is on the list, the server 
returns an encrypted private key to the workstation in step 88. The encrypted private 
key can only be decrypted with the user's password. In step 90 the server checks if 
any login restrictions, such as, time restrictions, station restrictions and account lock- 
out restrictions have been violated. These restrictions prevent logins from 
unauthorized workstations or logins during the wrong time of day. If there are 
violations, access is denied (step 86). However, if there are no login restrictions, the 
user is prompted to enter a password in step 92 and the validity of the password is 
determined in step 94, see col. 5 lines 45-67). 

Re claims 31-33, and 40. Claims 31-33, and 40 recite similar limitations to claim 1 and
are thus rejected using the same art and rationale in the rejection of claim 1.

Re claims 3 and 34. Trostle discloses a method comprising causing the lack of
correspondence between the first identifier and second identifier to be detected at the 
machine (i.e., In response, the user enters a username which is transmitted to the 
server and in step 84 the server compares the entered username against a list of 
authorized users. If the username is not valid, network access is denied in step 86 and
the login process ends, see col. 5 lines 45-55).

Re claims 4-6, 35-36. Trostle further discloses a method comprising receiving both the 
first identifier and the second identifier at the network-based transaction facility from 
the machine, and detecting the lack of correspondence between the first identifier and 
second identifier at the network-based transaction facility (i.e., In step 82 a username 
prompt is presented to the user. In response, the user enters a username which is 
transmitted to the server and in step 84 the server compares the entered username 
against a list of authorized users. If the username is not valid, network access is 
denied in step 86 and the login process ends. However, if the entered username is on 
the list, the server returns an encrypted private key to the workstation in step 88, see 
col. 5 lines 45-60). 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 7-8, and 37 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Trostle.

Re claims 7-8, and 37. Trostle does not explicitly disclose a method comprising 
causing the first and second identifier to be stored on the machine within a cookie. 
However, storing user identifiers on the machine within a cookie is a well-known cookie
bundling scheme. Cookie bundling is a common practice wherein all of the separate
cookies pertaining to different type of user transaction preferences are packed together 
into one file. Thus it would have been obvious to one of ordinary skill in the art to 
introduce the well-known scheme in Trostle to enable separate cookies pertaining to 
different type of user transaction preferences to be packed together into one file.

5. Claims 9-19, and 38 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Trostle in view of Miller (Michael Miller, The complete Idiot's Guide to Ebay
Online Auctions, copyright July 1999).

Re claims 9, 10. Trostle does not explicitly disclose a method wherein the first sales-
related event includes one of registering with the network-based transaction facility,
communicating an offer to sell an offering via the network-based transaction facility, 
communicating and offering to purchase the offering via the network-based transaction 
facility, communicating a feedback regarding a transaction, and updating a profile 
maintained by the network-based transaction facility. However, Miller discloses a 
method wherein the first event includes one of registering with the network-based 
transaction facility (see pg 133), communicating an offer to sell an offering via the 
network-based transaction facility, communicating and offering to purchase the offering 
via the network-based transaction facility (i.e., ebay, see pg 52) communicating a 
feedback regarding a transaction, and updating a profile maintained by the network- 
based transaction facility (i.e., ebay feedback, see pgs 157-161). Thus it would have 
been obvious to incorporate what is taught by Miller into Trostle to allow individuals and 
small businesses to sell and buy items from other internet users worldwide.

Re claims 11-14, and 38. Trostle discloses the method comprising: the detection of the
lack of correspondence between the first identifier and the second identifier at one of 
the machine and the network-based transaction facility; inspect for the potentially 
fraudulent activity (i.e., In step 82 a username prompt is presented to the user. In 
response, the user enters a username which is transmitted to the server and in step 84 
the server compares the entered username against a list of authorized users. If the 
username is not valid, network access is denied in step 86 and the login process ends. 
However, if the entered username is on the list, the server returns an encrypted private 
key to the workstation in step 88, see col. 5 lines 45-60), and causing the potentially
fraudulent activity to be recorded into a database, (i.e., If the values are equal then illicit 
changes have not been made to the selected executables programs, and execution 
continues with step 90 which returns workstation execution to the system BIOS. 
Otherwise, step 92 is performed to notify the user, and/or the network system 
administrator, that an unauthorized change has been detected. The workstation may 
also make an entry in an audit server audit log, see col. 7 lines 27-38). Trostle does 
not explicitly disclose causing the first identifier and the second identifier to be stored on 
the machine within a shill cookie; causing a cookie identifier to be stored within the shill 
cookie; causing the shill cookie to be coupled to a cookie bundle which records a 
plurality of transaction preferences for the first user identity and the second user identity 
on the machine; causing the shill cookie bundle to be sent from the machine to the 
network-based transaction facility when the second user identity makes the second
sales transaction event with the network-based transaction facility using the machine;
causing the shill cookie to be appended with the second identifier. However, storing
user identifiers on the machine within a cookie is a well-known cookie bundling scheme. 
Cookie bundling is a common practice wherein all of the separate cookies pertaining to 
different type of user transaction preferences are packed together into one file. Thus it 
would have been obvious to one of ordinary skill in the art to introduce the well-known 
scheme in Trostle/Miller to enable separate cookies pertaining to different type of user 
transaction preferences to be packed together into one file. 

Re claim 15. Trostle discloses a method wherein the machine comprises a computer 
connected to the network-based transaction facility (i.e., a networked workstation 
performs an intrusion detection hashing function on selected workstation executable 
programs, see abstract). 

Re claim 16. Trostle does not explicitly disclose a method wherein the network-based 
transaction facility comprises an Internet-based auction facility. However Miller makes 
this disclosure (i.e., ebay, see pg 52). Thus it would have been obvious to incorporate 
what is taught by Miller into Trostle to allow individuals and small businesses to sell
and buy items from other internet users worldwide.

Re claim 17. Trostle does not explicitly disclose a method as in claim 16 further
comprising: causing the shill cookie to record and to store a predetermined number of 
user identifiers. However, storing/recording user identifiers on the machine within a 
cookie is a well-known cookie bundling scheme. Cookie bundling is a common practice 
wherein all of the separate cookies pertaining to different type of user transaction 
preferences are packed together into one file. Thus it would have been obvious to one
of ordinary skill in the art to introduce the well-known scheme in Trostle/Miller to enable
separate cookies pertaining to different type of user transaction preferences to be
packed together into one file.

Application/Control Number: 09/905,046

Art Unit: 3692

Re claims 18 and 19. Trostle does not disclose a method further comprising causing 
the shill cookie and the cookie bundle to be encoded and encrypted such that the shill 
cookie and the bundle cookie are coded. However, encoding and encrypting cookies are
old and well known in the art. Encoding a cookie is formatting a cookie into a language 
that is not readily apparent to the user. Thus it would have been obvious to one of 
ordinary skill in the art to incorporate what is old and well known in the art into 
Trostle/Miller to maintain data integrity and to guarantee transaction facility security. 

6. Claims 20-30, and 39 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Trostle in view of Miller as applied to claims 19 and 38 above and further in 
view of Smaha et al (Smaha hereinafter, US PAT: 5,557,742).

Re claims 20-21, and 39. Neither Trostle nor Miller explicitly disclose a method further
comprising: generating a potential fraudulent activities table having a fraudulent activity 
field, a cookie identifier field, a user identifier field, and a frequency field; recording each 
of the potentially fraudulent activities and corresponding information into the potential 
fraudulent activities table; updating the potential fraudulent activities table at least on a 
periodic basis; and providing an updated report of the potential fraudulent activities table 
to an investigation team. However, Smaha discloses generating a potential fraudulent 
activities table having a fraudulent activity field, a cookie identifier field, a user identifier
field, and a frequency field (i.e., generate misuse report and load pre-selected fields,
see fig.6B element 170 and element 176); recording each of the potentially fraudulent 
activities (i.e., misuse) and corresponding information into the potential fraudulent 
activities table (see fig.4 element 126); updating the potential fraudulent activities table 
at least on a periodic basis (i.e., once a misuse has been detected, an output 
mechanism generates a signal for use by notification and storage mechanism, see col. 3 
lines 40-45, also see col. 6 lines 11-14); and providing an updated report of the potential
fraudulent activities table to an investigation team (i.e., the detection system then 
generates a text-based output report for a user to view or stored, see col.3 lines 40-44). 
Thus it would have been obvious to one of ordinary skill in the art to combine Trostle, 
Miller and Smaha to enable a user to store, view and analyze the fraudulent activities.

Re claim 22. Trostle does not explicitly disclose a method wherein the new event
includes one of registering with the network-based transaction facility, communicating 
an offer to sell an offering via the network-based transaction facility, communicating and 
offering to purchase the offering via the network-based transaction facility, 
communicating a feedback regarding a transaction, and updating a profile maintained 
by the network-based transaction facility. However, Miller discloses a method wherein 
the new event includes one of registering with the network-based transaction facility 
(see pg 133), communicating an offer to sell an offering via the network-based 
transaction facility, communicating and offering to purchase the offering via the network- 
based transaction facility (i.e., ebay, see pg 52) communicating a feedback regarding a 
transaction, and updating a profile maintained by the network-based transaction facility
(i.e., ebay feedback, see pgs 157-161). Thus it would have been obvious to incorporate
what is taught by Miller into Trostle to allow individuals and small businesses to sell and 
buy items from other internet users worldwide. 

Re claims 23 and 24. Neither Trostle nor Miller discloses a method comprising 
providing the updated report to the investigation team at a predetermined time.
However, Smaha discloses providing the updated report to the investigation team (i.e.,
a user) at a predetermined time (i.e., the detection system then generates a text-based
output report for a user to view or stored, see col.3 lines 40-44). Thus it would have
been obvious to one of ordinary skill in the art to combine Trostle, Miller and Smaha to
enable a user to store, view and analyze the fraudulent activities.

Re claim 25. Neither Trostle nor Miller and Smaha disclose a method further comprising
providing a priority ranking system having a low priority for a low potential fraudulent
activity frequency, a medium priority for a medium potential fraudulent activity frequency
and a high priority for a high potential fraudulent activity frequency. However, it is old
and well known in business management art to prioritize events based on the events' degree of
importance. Thus it would have been obvious to one of ordinary skill in the art to
incorporate what is old and well known in the art into the combination of Trostle, Miller
and Smaha to prioritize the frequency of fraudulent activities and to enable the system
to process data more efficiently. 

Re claim 26. Trostle discloses a method further comprising examining the updated 
report to confirm the potentially fraudulent activity (i.e., the detection system then 
generates a text-based output report for a user to view or stored, see col.3 lines 40-44).

Re claim 27. Trostle discloses how fraudulent activities i.e., an authorized change to a
workstation can be detected and prevented. Trostle does not explicitly disclose a 
method wherein the potentially fraudulent activity includes one of shill biddings and shill 
feedbacks. However, Miller explicitly discloses a method wherein the potentially
fraudulent activity includes one of shill biddings and shill feedbacks (see pg 218 and pg 
222). Thus it would have been obvious to one of ordinary skill in the art to use the 
intrusion detection system of Trostle to detect and prevent fraudulent activities in online 
auction market i.e., shill bidding and shill feedback as taught by Miller.

Re claim 28. Trostle does not disclose a method wherein the recording does not affect
any one of the first sales related event, the second sales event, and the new event. 
However Smaha makes this disclosure (i.e., a method for using processing system 
inputs to form events, processing the events by the misuse engine according to a set of 
selectable misuses, and generating one or more misuse outputs. The method converts 
system-generated inputs to events by establishing a first data structure for use by the 
system which stores the event. The data structure has elements including (1) 
authentication information; (2) subject information; and (3) object information. The 
method further extracts from system audit trail records, system log file data, and system 
security state data the information necessary for the first data structure. The method 
includes the steps of storing the events into the first data structure, see col. 12 line 65 - 
col. 13 line 10). Thus it would have been obvious to combine the teachings of Trostle and
Smaha to detect and prevent fraudulent activities in online auction market.

Re claim 29. Trostle further discloses a method further comprising causing the
detection of the potentially fraudulent activity responsive to a matching of at least two
user transaction preferences from at least two different user identities (i.e., In step 82 a
username prompt is presented to the user. In response, the user enters a username 
which is transmitted to the server and in step 84 the server compares the entered 
username against a list of authorized users. If the username is not valid, network 
access is denied in step 86 and the login process ends. However, if the entered 
username is on the list, the server returns an encrypted private key to the workstation 
in step 88. The encrypted private key can only be decrypted with the user's password. 
In step 90 the server checks if any login restrictions, such as, time restrictions, station 
restrictions and account lock-out restrictions have been violated. These restrictions 
prevent logins from unauthorized workstations or logins during the wrong time of day. 
If there are violations, access is denied (step 86). However, if there are no login 
restrictions, the user is prompted to enter a password in step 92 and the validity of the 
password is determined in step 94, see col.5 lines 45-67).

Re claim 30. Trostle does not explicitly disclose a method wherein the user
transaction preferences comprise credit card numbers, bidding histories, payment 
methods, and shipping addresses. However, Miller makes this disclosure (see pg 23). 
Thus it would have been obvious to one of ordinary skill in the art to combine the 
teachings of Trostle and Miller to detect and prevent fraudulent activities in online 
auction market.

Response to Arguments

7. Applicant's arguments filed on 10/31/06 have been fully considered but they are 
not persuasive. The applicant argues in substance that the primary reference, Trostle, 
is directed to a system and method for detecting and preventing the modification of 
pre-boot executables (programs) on a workstation that may be linked to a server, and 
thus fails to teach storing a first user identity responsive to a first sales-related event 
with respect to the network-based transaction facility; a transaction facility or a server 
used in a transaction facility; detecting the lack of correspondence between a first 
identifier stored on a machine and a second identifier. Further, the applicant maintains 
that none of the secondary references meets the limitations stated supra. Contrary to 
the applicant's assertion, Trostle discloses in col. 5 lines 45-67 i.e., "in step 82, a
username prompt is presented to the user. In response, the user enters a username 
which is transmitted to the server and in step 84 the server compares the entered 
username against a list of authorized users. If the username is not valid, network 
access is denied in step 86 and the login process ends. However, if the entered 
username is on the list, the server returns an encrypted private key to the workstation 
in step 88. The encrypted private key can only be decrypted with the user's password. 
In step 90 the server checks if any login restrictions, such as, time restrictions, station 
restrictions and account lock-out restrictions have been violated. These restrictions 
prevent logins from unauthorized workstations or logins during the wrong time of day. 
If there are violations, access is denied (step 86). However, if there are no login 
restrictions, the user is prompted to enter a password in step 92 and the validity of the
password is determined in step 94." Clearly, in col. 5 lines 45-67, Trostle is describing
an authentication process wherein a user identity (i.e., username) is compared to pre- 
stored user information, and if a match is not found between the entered username and 
the pre-stored information, network access is denied to the said user, and the log-in 
process terminates. Thus, the authentication process described by Trostle in col. 5 lines 
45-67 constitutes the applicant's claimed limitations i.e., "storing a first user identity 
responsive to a first sales-related event with respect to the network-based transaction 
facility; a transaction facility or a server used in a transaction facility; detecting the lack 
of correspondence between a first identifier stored on a machine and a second 
identifier." All in all, Trostle's disclosed authentication process reads on these limitations.

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action.

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to OJO O. OYEBISI whose telephone number is (571)
272-8298. The examiner can normally be reached on 8:30A.M-5:30P.M.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, RICHARD E. CHILCOT can be reached on (571)272-6777. The fax phone 
number for the organization where this application or proceeding is assigned is
571-273-8300.

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 




